[ubuntu/zesty-security] xorg-server 2:1.19.3-1ubuntu1.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jul 24 16:27:12 UTC 2017
xorg-server (2:1.19.3-1ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
Date: 2017-07-17 14:35:13.602127+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.3-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list